Index

Numbers

  • 1000BaseT Ethernet
    • maximum direct link distance, 110
    • spanning distances, 93
  • 2DES, vulnerabilities, 86
  • 3DES, 218, 244, 249
    • number of keys needed, 141
  • 4G cellular networks, 169

A

  • ABAC. See attribute-based access control (ABAC)
  • access cards, physical security, 30–31
  • access control
  • access control lists (ACLs), 189, 191, 196, 251, 258
  • access control matrix, 258
  • access controls, 175. See also authentication
    • ABAC, 189
    • access granting, 141
    • attacks, 132
    • cloud-based applications, 11
    • decentralized, 5
    • default access, 9
    • delegating rights, 15
    • employee termination, 6
    • excessive privileges, 170
    • fingerprint scanning, 9
    • firewalls, 10
    • identity proofing, 8
    • lattice-based, 192
    • MAC, 4
    • mandatory, 10
    • medical records, 178
    • models, 5
    • new users, 3
    • nondiscretionary, 2
    • NTFS filesystems, 8
    • object ownership, 13
    • post-admission, 161
    • principles, 178
    • rule-based, 192
    • scheme types, 177
    • security principles, 33
    • single sign-on, 6
    • standalone file servers, 7
    • subject/object model, 192
    • superuser privileges, 34
    • system types, 5, 15
    • technologies, 6
    • threats, 160
    • types, 31, 146, 166, 171
    • wireless networks, 156
  • access permissions, best practices, 32
  • account maintenance, 8
  • accountability, 191
  • accounting, 9
  • ACK scans, 210, 242
  • Active Directory, 204
  • Active Directory Federation Services (ADFS), 245
  • active wireless scanning, problems, 99
  • Address Resolution Protocol (ARP), 182, 264
    • ARP spoofing, 106
    • OSI layer, 99
    • penetration testing, 104
  • ADFS (Active Directory Federation Services), 245
  • administrative controls, 163, 199
    • confidentiality of information, 19
    • evaluating, 173
    • security processes, 26
  • administrative privileges, principles, 33
  • Advanced Encryption Standard (AES), 218, 220, 245, 253, 257
  • advanced persistent threat (APT), 210, 259
    • system restoration options, 59
  • adverse events, 212
  • AES-256, 218
  • aggregation of privileges, 200, 258
  • aircrack-ng, 93
  • algorithms
    • AES, 218
    • DES, 218
    • encryption, 150
    • hashing, 83
    • nonrepudiation support, 88, 223
    • obsolete cryptographic, 85
    • symmetric cryptosystems, 84
    • symmetric encryption keys, 88
    • time-based, 190
    • varying encryption key strength, 86
  • alternate processing facilities, 185
  • amplification attacks, 207
  • annual rate of occurrence (ARO), 202, 204
    • calculating, 43
  • annualized loss expectancy, 202, 246
    • risk assessment, 38
  • annualized rate of occurrence, risk assessment, 38
  • antimalware
    • APTs, 210
    • heuristic detection, 241
    • heuristic-based, 250
    • installation detection, 241
  • application control technologies, 127
  • application logs, 217
    • HTTP server, 252
  • application management, 177
  • application threat modeling, 265
  • application-level gateway firewall, 243
  • applications, session management solutions, 127
  • application control technologies, 132
  • APT. See advanced persistent threat (APT)
  • archive bit, backups, 164
  • ARO. See annual rate of occurrence (ARO)
  • ARP. See Address Resolution Protocol (ARP)
  • asset valuation methods, 51, 203
  • asymmetric cryptosystems, keys, 223
  • asymmetric encryption systems, 161–162, 221
    • keys, 222
    • nonrepudiation, 223
    • number of keys needed, 87
    • session keys, 222
  • asynchronous tokens, 190, 193
  • attacks, 129. See also exploits; security
    • access controls, 132
    • amplification, 207
    • ARP spoofing, 106
    • automated password cracking, 88
    • BEAST, 219
    • bluesnarfing, 105
    • botnets, 156
    • brute-force, 205, 208, 240, 263
    • buffer overflow, 30, 208
    • collision, 221
    • CRIME, 219
    • cross-site scripting, 96
    • cryptography, 85
    • DDoS, 37
    • denial-of-service, 33, 240, 253
    • dictionary, 208, 240, 253
    • DoS, 157
    • eavesdropping, 197
    • elevation of privilege threats, 47, 206
    • employee trust, 155
    • encryption technologies, 81
    • exploit testing tools, 144
    • IP spoofing, 111
    • login attack types, 46, 50
    • malware beaconing, 59
    • man-in-the-middle, 208, 218, 240, 253
    • meet-in-the-middle attack, 214, 222
    • nslookup, 110
    • packet injection, 218
    • pass-the-hash, 262
    • passwords, 151, 154
    • penetration testing, 38
    • plaintext, 222
    • POODLE, 219
    • preventing, 174, 182
    • rainbow tables, 83, 139, 208, 243–244
    • ransomware, 196
    • repudiation, 206, 261
    • spoofing, 206
    • SQL injection, 41
    • Stuxnet, 219
    • teardrop, 240
    • threat actors, 211
    • TOC/TOU attack, 266
    • types, 20
    • between users and websites, 105
    • VM escape exploits, 125
    • web-based applications, 54
    • wireless, 111
    • wireless networks, 156
    • zero-day, 53, 151
    • zero-day vulnerabilities, 128
  • attribute-based access control (ABAC), 189
  • audit logging, 208, 260
  • auditing, 195
    • backup maintenance, 47
    • backups, 206
    • controls, 76
    • SaaS, 182
    • Windows audit log types, 165
  • authentication, 2, 9, 163, 193, 248. See also access control
    • availability risks, 11
    • backend (VPNs), 98
    • biometric, 3–4, 132
    • CER, 240
    • data gathering and, 240
    • device-based, 2, 188
    • dynamic knowledge-based, 190–191
    • ERR, 240
    • FAR, 3–4, 240
    • FRR, 3–4, 240
    • identity platform types, 186
    • knowledge-based, 191, 192
    • log reviewing techniques, 54
    • multifactor technologies, 6, 149
    • OAuth, 5
    • palm scans, 193
    • password improvement, 11
    • port-based, 95
    • scans, 263
    • techniques, 5, 189
    • ticket-based, 12
    • tokens presentation, 189
    • tools, 3, 175
    • Type 3 authenticators, 12
    • voice pattern recognition, 142
    • vulnerability scanners, 209
  • Authentication Header, 262
  • authorization, 9, 191, 193, 244. See also identity verification
    • standalone file servers, 7
    • tools, 153
  • automated-account provisioning, 241
  • availability attacks, 196
  • availability control, 197
  • awareness programs, 124, 255, 257

B

  • backend authentication protocols, VPNs, 98
  • backup media rotation schemes, 214, 245
  • backup tape rotation schemes, 67
  • backup tapes
    • exposure, 220
    • security when shipping, 87
    • third-party storage, 82
  • backups, 257
    • APTs, 210
    • archive bit, 164
    • auditing, 206
    • configuring, 68
    • differential, 214
    • electronic vaulting, 212, 215
    • protecting, 81
    • recovery schemes, 143
    • scheduling, 167, 196
  • bandwidth consumption, 211
  • bare-metal virtualization environment, 121
  • baseline security, 196, 198, 201, 263
  • bastion host, 243
  • BCP. See business continuity plans
  • Bcrypt, 220
  • beacons, 210
  • BEAST attack, 219
  • best evidence rule, 240, 246
  • beyond-a-reasonable doubt evidence standard, 183
  • BGP (Border Gateway Protocol), 242, 254
  • binary key spaces, 221, 249, 252
  • biometric authentication, 3–4, 132, 240, 245
    • CER standard, 189
    • crossover error rate, 188
    • multifactor authentication, 192
    • retina scans, 179
    • tokens, 190
  • BIOS, malware, 213
  • bit-by-bit acquisition, 211
  • BitLocker, 180, 219
  • BitTorrent, 217
  • black box testing, 152, 201, 202, 241, 250, 258, 259
  • blacklisting, 241, 262
  • Blowfish, 220, 222
  • bluesnarfing attacks, 105
  • Bluetooth
    • best practices, 105
    • penetration testing, 101
  • Border Gateway Protocol (BGP), 254
  • botnet command and control systems, preventing connections, 125
  • botnets
    • attack types, 156
    • detecting, 44
    • repeat attacks, 66
  • bridges, 250
  • broadcast storms, 94
  • brute-force password attacks, 151, 201, 205, 208, 240, 246, 263
  • buffer overflow attacks, 30, 208, 209
  • business continuity plans, 20, 184, 255, 266
    • documentation, 63, 212
    • goals, 163
    • management approval, 217
    • project scope, 73
    • restoration after incident, 179
    • risk acceptance, 146
    • senior management role, 63
    • stakeholders, 65
    • strategies, 170
    • tasks, 155
    • team membership, 213
    • training, 63, 212
    • training intervals, 134
  • business continuity roles, 241
  • business impact analysis, 40
    • assessment tools, 54
    • metrics, 149
    • qualitative tools, 210
    • risk acceptance, 208
  • business processes, 146

C

  • CA. See certificate authority (CA)
  • cable lengths, 178, 262, 266
  • CAC, 13
  • Capability Maturity Model (CMM), 207
  • capability tables, 189
  • capacitance motion detectors, 241
  • captive portals, 252
  • CAS (Central Authentication), 245
  • Category 3 UTP cable, speed rating, 99
  • Category 5e UTP cable, 240
  • Category 6 cables, maximum distance, 185
  • Category 6 UTP cable, 240, 266
  • Category 7 UTP cable, 240
  • CBC (Cipher Block Chaining), 245
  • CCMP. See Counter Mode Cipher Block Chaining Message Authentication Mode Protocol (CCMP)
  • CDN. See content distribution network (CDN)
  • cell phones
    • mobile device management software, 169
    • remote wiping, 169
  • cellular networks
    • encryption, 257
    • security considerations, 169
  • Central Authentication (CAS), 245
  • central logging infrastructure, 41, 138
  • centralized account control, 190
  • centralized authentication records, 216
  • CER standard, 189, 240
  • certificate authority (CA), 162
    • digital certificate trust, 222
  • certificate revocation lists, 88, 222, 223
    • certificate elements, 87
  • CFB (Cipher Feedback), 245
  • chain of custody documentation, 213
  • chain of custody forms, 211
  • challenge/response process, token-based authentication, 12
  • change control, 201
  • change logs, 201
  • change management, 23–24, 34, 247
  • check/time of use, 266
  • checklist review, 214, 216, 242, 251, 256, 259, 265
  • Christmas tree scans, 210
  • Cipher Block Chaining (CBC), 245
  • Cipher Feedback (CFB), 245
  • civilian data classifications, 77
  • client-servers, securing data, 78–79
  • clipping (logs), 210
  • closed-circuit television, 198
  • cloud computing, 249, 250, 251, 261
    • IaaS, 160
    • models, 137, 151
    • object-based storage systems, 134
    • responsibilities, 152
    • service types, 177
    • web-based email services, 178
  • cloud e-commerce applications, technologies, 186
  • cloud environments, 128
  • cloud infrastructure, load balancers, 103
  • cloud solutions, 128, 129
  • cloud-based applications, access control, 11
  • cloud-based services, types, 171
  • CMM. See Capability Maturity Model (CMM)
  • code analysis, 209, 257
  • codes of ethics, 19, 195
  • cold sites, 215
  • collection phase, 246
  • collision attacks, 221
  • command-and-control servers, detecting botnets, 44
  • command-line protocols, server administration, 81
  • Common Access Card, 194
  • Common Vulnerability and Exposure (CVE), 202
    • new exploits, 208
  • compensating access controls, 199
  • Compute as a Service, 262
  • Computer Security Incident Response Team (CSIRT), 61
    • roles, 211
  • confidentiality breaches, 200, 252
  • confidentiality controls, 197
  • confidentiality of information, 19
  • configuration control, 201
  • conflicts of interest, codes of ethics, 19
  • constrained interfaces, 262
  • content distribution network (CDN), 217, 249
  • context-dependent control, 262
  • contract disputes, verbal agreements, 144
  • control categories, 20
  • control objective frameworks, 51
  • corrective access controls, 199
  • cost-benefit analysis, quantitative risk analysis, 210
  • Counter (CTR), 245
  • Counter Mode Cipher Block Chaining Message Authentication Mode Protocol (CCMP), 109
  • credential management systems, 190
  • credentials, management, 7
  • credit card numbers, 219
  • CRIME attack, 219
  • cross-site scripting attacks, 96
  • crossover error rate, 188
  • cryptographic algorithms
    • keys, 151
    • nonrepudiation support, 88
  • cryptographic erase, 210
  • cryptographic tools, defense-in-depth, 76
  • cryptography
    • attack types, 85
    • cypher types, 86
    • decryption keys, 147
    • digital signatures, 147
    • encryption keys, 147
    • file transfer protocols, 89
    • goals, 84, 85, 139, 154
    • hash functions, 84
    • inspection of algorithms, 85
    • meet-in-the-middle attack, 214
    • obsolete algorithms, 85
    • substitution cyphers, 222
    • symmetric cryptosystems, 84
    • transposition cyphers, 222
  • cryptosystems
    • keys, 259
    • symmetric encryption algorithms, 88
  • crystal box penetration testing, 241, 258, 264
  • cryptographic systems, 76
  • CSIRT. See Computer Security Incident Response Team (CSIRT)
  • CTR (Counter), 245
  • CVE. See Common Vulnerability and Exposure (CVE)
  • cyphers, 86
  • cryptographic algorithms, keys, 155

D

  • DAC. See discretionary access control (DAC)
    • compared to MAC, 8
    • flexibility and scalability, 31
  • DARPA TCP/IP model, compared to OSI, 108
  • data, categories, 79
  • data at rest, 78–79, 219
  • data breaches, 23
    • laptops, 76
  • data centers
    • physical safety, 65
    • risk assessment, 37
  • Data Encryption Standard (DES), 218
  • data in motion, 110, 219
  • data in transit, 220
    • encryption, 150
    • protecting, 81
    • TLS, 219
  • data integrity monitoring, 205
  • Data Link layer, 181, 263
  • data minimization, 217
  • data remanence, 116
  • data retention, electronic signatures, 81
  • data storage, 198
  • data streams, 263
  • data tampering, solutions, 47
  • database servers, fault tolerance, 66–67
  • datagrams, 263
    • OSI layers, 180
  • DDoS. See distributed denial-of-service (DDoS) attacks
  • de-encapsulation, 244
  • decentralized access control, 5, 151, 189, 250
  • decryption keys, 147
    • symmetric cryptosystems, 89
  • defense in depth, 196, 197
    • cryptographic tools, 76
  • denial-of-service (DoS) attacks, 99, 205, 240, 253
    • amplification attacks, 207
    • filtering, 205
    • fragmented TCP packets, 104
    • security goals, 93
    • SYN floods, 157
    • types, 33
  • deprovisioning, 241
  • DES encryption. See Data Encryption Standard (DES)
    • 2DES vulnerabilities, 86
    • 3DES, 244
    • alternative tools, 81
    • encryption key bits, 221
    • key bit size, 84
    • meet-in-the-middle attacks against, 222
  • design review phase, 201
  • destroying data, 210
  • detection phase (incident response), 216
  • detective controls, 242, 247, 252
  • deterrence, 256
  • device authentication, 188
  • device fingerprinting, 240
  • device-based authentication, 2
  • devices
    • inventories, 211
    • mobile vulnerabilities, 124
    • network protocols, 163
    • network traffic controlling, 152
    • uniquely identifying, 132
  • dictionary attacks, 208, 240, 253
  • differential backups, 214, 245, 255
  • Diffie-Hellman protocol, 220
    • symmetric encryption keys, 221
  • digital certificates, 188, 254. See also self-signed certificates
    • certificate revocation lists, 87, 88, 222
    • encryption keys, 83–84
    • keys, 162
    • self-signed, 217
    • standards, 86
    • trust requirements, 87, 222
    • X.509 standard, 222
  • digital content management, 196
  • digital labels, 218
  • digital signatures, 147, 196, 249, 254
    • creating, 247
    • cryptographic algorithm support, 86
    • nonrepudiation, 247
    • private encryption keys, 221
    • repudiation and, 248
    • symmetric encryption algorithms, 222
  • direct evidence, 217
  • directive controls, 247, 252
  • directory traversal attack, 210
  • disaster recovery plans, 68, 136, 183, 242, 256
    • calculating acceptable loss, 138
    • checklist review, 214
    • completing, 215
    • facility selection, 164
    • full interruption tests, 214
    • parallel tests, 214
    • process completion, 69
    • recovery capabilities, 69
    • recovery techniques, 69
    • response tests, 172
    • risk acceptance, 208
    • tabletop exercise, 214
    • test types, 166
    • testing, 154
    • variables, 146
  • disaster recovery tests, 67, 70
  • disclosure (incident response), 211–212
  • discovery, 248
  • discretionary access control (DAC), 191, 192, 194, 195, 199, 244, 261
  • discretionary account provisioning, 240
  • distributed denial-of-service (DDoS) attacks
    • defenses, 125
    • NTP Services, 37
    • security goals, 93
  • DNS. See Domain Name System (DNS)
  • documentary evidence, 217
    • best evidence rule, 240
    • hearsay rule, 240
  • documentation
    • business continuity plans, 63, 212
    • centralized authentication records, 216
    • chain of custody forms, 211, 213
    • emergency response guidelines, 212
    • forensic investigations, 162
    • Information Technology Infrastructure Library (ITIL), 207
    • ISO 27002, 207
    • lessons learned phase, 217
    • NIST 800 series, 198
    • NIST SP 800-12, 202
    • NIST SP 800-122, 219
    • NIST SP 800-53A, 202
    • postmortem incident review, 72
    • provider-customer relations, 170
    • SLAs, 215
    • types, 172
    • vital records, 197
  • Domain Name System (DNS), 182, 264
  • door locks, 32
  • DoS. See denial-of-service (DoS) attacks
  • driver’s license numbers, 219
  • dual power supply, 244
  • dynamic knowledge-based authentication, 190–191

E

  • eavesdropping attacks, 197
  • ECB (Electronic Codebook), 245
  • education. See also training
    • incident response, 210
  • EFS. See Encrypting File System (EFS)
  • egress filtering policies, 104
  • egress monitoring, 145
  • electromagnetic field, capacitance motion detectors, 241
  • electromagnetic interference (EMI), 264
  • Electronic Codebook (ECB), 245
  • electronic discovery reference model, 144
  • electronic signatures, 220
    • data retention and, 81
  • electronic vaulting, 212, 215
  • elevation of privilege threats, 47, 205, 206
  • email, 149
    • confidential data, 112
    • confidentiality, 180
    • encryption, 82, 220
    • integrity, 166
  • embedded device analysis, 214
  • emergency response guidelines, 136, 212, 242, 261
  • Encapsulating Security Payload (ESP), 221, 262
    • Transport mode, 223
    • Tunnel mode, 223
  • encapsulation, 254
    • de-encapsulation, 244
  • encrypted viruses, 257
  • Encrypting File System (EFS), 219
  • encryption, 197, 247, 248
    • algorithms, 80, 150
    • asymmetric systems, 161–162
    • cellular networks, 257
    • DES alternative tools, 81
    • DES key size, 84
    • digital signature support, 86
    • email, 82, 220
    • full disk, 180, 263
    • logs, 243
    • metrics, 148
    • proprietary data, 78
    • protecting backups, 81
    • protecting sensitive information, 217
    • public keys, 247
    • RADIUS, 218
    • stolen devices, 242
    • technologies, 80
    • traffic sniffing, 218
    • unencrypted networks, 253
    • USB thumb drives, 82
    • Web of Trust, 217
  • encryption keys, 85, 147, 151
    • 3DES, 141
    • AES length, 157, 168
    • asymmetric encryption systems, 87
    • binary key spaces, 221
    • digital certificates, 83–84, 162
    • digital signatures, 147
    • private key storage, 160
    • private messages, 162
    • symmetric cryptosystems, 171
    • symmetric encryption algorithms, 88
    • TLS, 87
    • varying key strength, 86
    • WEP, 105
  • enterprise devices, message logging standards, 40
  • enterprise resource planning (ERP), port scanning, 117
  • entitlement (privileges), 194
  • erasing data, 210
  • ERP. See enterprise resource planning (ERP)
  • escalating (incident response), 211
  • ESP. See Encapsulating Security Payload (ESP)
  • ESP (IPSec), transport mode, 88
  • espionage, 200
  • Ethernet
    • cabling, 133
    • jam signals, 109
    • spanning distances, 93
    • topologies, 93
  • Ettercap, 246
  • EU GDPR, personal information, 115
  • EU-U.S. Privacy Shield, 249
  • events, criteria, 210
  • evidence. See forensic evidence
    • best evidence rule, 246
    • chain of custody documentation, 213
    • civil investigations, 265
    • criminal investigations, 265
    • criteria, 214
    • direct, 217
    • expert opinion, 216–217
    • forensic investigation standards, 181
    • handling, 210
    • hearsay rule, 240
    • operational investigations, 265
    • parole evidence rule, 240, 246
    • real, 217, 246
    • regulatory investigations, 265
    • testimonial, 240
  • evidence, documentary, 217
  • evolution testing, 202
  • excessive provisioning, 254
  • exiftool, analyzing JPEGs, 58
  • expert opinion evidence, 216–217
  • exploits. See also attacks
    • CVE, 208
    • Metasploit, 209
    • social engineering and, 260
    • testing tools, 144
  • exposure factor (risk assessment), 37, 201, 255
  • external audit, 260
  • extranets, 2, 188

F

  • failover clusters, 213
  • FAR (authentication), 3–4, 188, 240
  • fault tolerance, 195
    • database servers, 66–67
  • fault-tolerant systems, RAID 5, 63
  • FCoE (Fibre Channel over Ethernet), 249
  • federated identity management, technologies, 10
  • fences, 196
    • minimum height, 31
  • fiber-optic cable, 264
  • Fibre Channel over Ethernet (FCoE), 249
  • file attributes, Linux, 3
  • file encryption, 217
  • file integrity monitoring, 217
  • file servers
    • accessing, 10
    • accessing securely, 21
    • integrity controls, 22
  • File Transfer Protocol (FTP), 219, 244
  • file transfer protocols, cryptography, 89
  • FileVault, 220
  • filtering, beacons, 210
  • fingerprint scanning, 248
    • automated system, 240
    • errors, 9
  • fingerprinting, devices, 240
  • fire detection technologies, 28, 198
  • fire extinguishers, 30
    • Class B, 242
    • liquid-based fires, 136
  • fire suppression systems, 29, 140, 196, 198, 244, 253
  • fires
    • liquid-based, 136, 242
    • suppression mechanisms, 160
  • FireSheep, 253
  • firewalls, 196
    • access control, 10
    • application-level, 243
    • architectures, 98
    • availability issues, 110
    • connection status between packets, 139
    • controls in SaaS environment, 126
    • denial-of-service attacks, 106
    • designs, 96, 108, 109
    • iptables rulesets, 115–116
    • logs, 241
    • network communications, 98
    • risk assessment, 39
    • rule-based access control, 192
    • rulebases, 107–108
    • rules, 197
    • static packet filters, 244
    • traffic filtering, 138
    • traffic inspecting, 111
  • firmware, malware, 213
  • flags (TCP), setting, 210
  • footers, removing, 244
  • forensic analysis, 264, 265
    • hard drives, 68
  • forensic disk controller, 67, 213
  • forensic evidence
    • admissibility, 67
    • civil cases, 62
  • forensic hard drive images, 211
  • forensic investigation
    • beyond-a-reasonable doubt standard, 183
    • documentation, 66, 162
    • evidence handling, 210
    • evidentiary standards, 181
    • forms, 60
    • imaging virtual machines, 61
    • SQL injection attacks, 72
    • types, 179
  • forest trusts, 252
  • format string vulnerabilities, testing, 37
  • frames, 263
  • fraud detection, 22
  • FRR (authentication), 3–4, 188, 240
  • FTP. See File Transfer Protocol (FTP)
    • securing data, 79
  • full disk encryption, 217, 219, 263
    • BitLocker, 180
  • full interruption tests, 216, 251, 256, 259, 265
    • disaster recovery plans, 214
  • full-mesh topologies, 106
  • fully qualified domain names (FQDNs), 264
  • fuzzers, 201, 207

G

  • gateways, 250
  • Google, identity integration, 173
  • Google accounts
    • OpenID, 190
    • text message verification, 116
  • Google Authenticator, 190
  • GPG encryption, 220
  • Grandfather/Father/Son, backup media rotation scheme, 214
  • gray box penetration testing, 55, 152, 241, 250, 264
  • Group Policy, 203, 244

H

  • hack back activities, 215–216
  • hard drives
    • acquisition types, 211
    • analyzing content, 59
    • cryptographic erase, 210
    • forensic analysis, 68
    • forensic images, 211
    • handling evidence, 210
    • laptop security, 126
    • purging, 59
    • RAID 5, 63
    • software write blockers, 211
    • write blockers, 211
  • hardening network systems, 118
  • hardware, warm sites, 254
  • hardware tokens, 190
  • hardware write blockers, 211
  • hashing, 196
    • algorithms, 83
    • cryptographic hash functions, 84
    • evidence handling, 210
    • functions, 221
    • log file integrity, 217
    • malware identification, 118
    • MD5, 218
    • password hashing flaws, 175
    • salts, 221, 223
    • technologies, 82
  • headers, removing, 244
  • healthcare providers, data types, 181
  • hearsay rule, 240
  • heartbeat sensors, 260
  • help desk, password change incidents, 11
  • heuristic-based antimalware software, 152, 241, 250, 262
  • high microwave frequency signal transmissions, motion detectors, 147
  • hosting services, 72
  • hosts file, malware changes, 117
  • hot sites, 215, 255, 266
  • hot spots, security, 110
  • HTTP port 80, 204
  • HTTP server, application log, 252
  • HTTPS, port 443, 204
  • hypervisor, 260

I

  • (ISC)² code of ethics, 139, 195, 200
  • IDEA algorithm, 220, 249
  • identification, 9, 191
  • identification cards. See pass cards
  • identification phase, 246
  • identification tools, 261
  • Identity as a Service (IDaaS), 154, 252, 259
  • identity integration, 173
  • identity proofing, 8, 190, 195, 257
  • identity systems, accountability, 204
  • identity verification. See also authorization
    • biometric, 3–4
    • OAuth, 5
    • processes, 7
    • RESTful API, 5
  • IDS. See intrusion detection systems (IDS)
  • implicit deny, 189
  • in-band monitoring, 254
  • incident classification, keylogging, 58
  • incident classification scheme, unauthorized users, 62
  • incident investigations, 70
    • information gathering, 69
  • incident recovery, 210
  • incident response
    • alerts, 71
    • analyzing JPEGs, 58
    • communication process, 62
    • CSIRT leader role, 211
    • damage control, 71
    • detection stage, 212, 216
    • disclosure, 211–212
    • efficiency, 70
    • file integrity monitoring, 71
    • improving, 61
    • intrusion detection systems, 64
    • lessons learned phase, 216
    • limiting scope, 70
    • memory imaging, 211
    • mitigation phase, 215
    • phases, 71, 145, 164
    • post discovery, 210
    • postmortem documentation, 72, 217
    • postmortems, 211
    • priorities, 58
    • project scope and planning phase, 217
    • remediation, 213
    • repeat botnet attacks, 66
    • stages, 212
    • steps, 213
    • types of evidence, 72
  • incidents, reporting phase, 246
  • incremental backups, 245
  • information classification systems, security baselines, 28
  • information disclosure, 205
  • information security. See also security
    • control objective frameworks, 51
    • data breaches, 23
    • load balancing, 23
    • overlapping security controls, 24
    • principles, 21, 32
    • Wireshark, 25
  • Information Technology Infrastructure Library (ITIL), 207
  • Infrastructure as a Service, 241, 247, 251, 253, 259, 262
    • cloud computing, 160
    • data remanence, 116
    • port scanning, 119
    • provider responsibilities, 129
    • removing data from drives, 126
    • secure encrypted connections, 123
    • vendor responsibilities, 147
  • inheritable trusts, 190
  • insurance, 263, 266
  • intangible evidence, 214
  • integrity breaches, 200
  • integrity controls, 196
    • file servers, 22
  • international network security, 103
  • interrogations, compared to interviews, 215
  • interviews, compared to interrogations, 215
  • intrusion detection systems (IDS), 39, 49, 203
    • incident response, 64
    • logs, 204, 216
    • security events, 206
    • TCP connections, 44
    • technologies, 173
    • unencrypted FTP traffic, 101
    • virtualized environments, 125
    • wireless, 102
  • inventories, devices, 211
  • IP addresses
    • nonroutable IP addresses, 209
    • types, 161, 178
  • IP spoofing attacks, 111
  • ipconfig, 101
  • IPsec, 178
    • configuration, 83
    • ESP transport mode, 88
  • IPsec tunnels, 219
  • iptables, firewall rulesets, 115–116
  • ISO 27002 standard, 207
  • ITIL. See Information Technology Infrastructure Library (ITIL)

J

  • jam signals, Ethernet, 109
  • John the Ripper, 58, 210

K

  • Kerberos, 193, 241, 245, 252
  • Kerckhoffs’s principle, 221
  • key management, 253
  • key risk indicators, 203
  • keyloggers, 19, 22, 196
    • NIST incident classification, 58
  • knowledge-based authentication, 191, 192

L

  • labels, 245
    • access control, 10
    • MAC, 14
  • landline phones, 247
  • lattice-based access control, 192, 244, 261
  • LDAP, 193
  • LEAP protocol, WPA, 107
  • least privilege, 191, 196, 200, 246, 263
  • lessons learned phase (incident response), 216
    • document distribution, 217
  • Linux
    • discretionary access control, 194
    • file attributes, 3
    • iptables-based firewall rulesets, 115–116
    • John the Ripper, 210
    • message logging standards, 40
    • password testing, 58
    • security, 208
    • setting permissions, 13
  • liquid-based fires, 242
    • fire extinguishers, 136
  • load balancers, 103, 244
  • load balancing, 196
    • information security, 23
  • local file inclusions, 209
  • local scans, 210
  • locks, 200
  • log management systems, 204
  • logging
    • application settings, 40
    • archiving logs, 203
    • audit, 208
    • auditing controls, 76
    • authentication logs reviewing techniques, 54
    • bastion host, 243
    • central logging infrastructure, 41, 138
    • clipping, 210
    • encrypting logs, 243
    • firewalls, 241
    • hashing files, 217
    • inconsistent timestamps, 209–210
    • inconsistencies, 53
    • log files, 135
    • log management systems, 44, 175
    • log review, 243
    • log rotation, 243
    • log storage, 243
    • logged-in users, 141
    • login attack types, 46
    • message logging standards, 40
    • modification, 256
    • NTP, 203
    • passwords, 7
    • remote journaling, 215
    • reviewing network traffic information, 51
    • sampling, 210
    • security incidents, 37
    • time sequencing, 42, 203
    • transaction, 215
    • types, 155
    • Windows reboots, 49
  • logic bombs, 248
  • logical acquisition, 211
  • logins, 244
  • logs, Windows, 255

M

  • macro viruses, 129
  • magnetic stripe card, 261
  • malware, 130, 172
    • analysis types, 116
    • APTs, 210
    • BIOS, 213
    • built-in propagation mechanisms, 152
    • detection tools, 115
    • distribution domains, 120
    • finding replaced files, 119
    • firmware, 213
    • hashing packages, 118
    • heuristic-based antimalware software, 152
    • hiding viruses, 168
    • host file changes, 117
    • scan results, 130
    • signature-based detection, 259
    • testing applications, 174
    • testing functionality, 123
    • types, 148, 173
  • malware beaconing, 59
  • malwr.com, 120
  • man-in-the-middle attacks, 208, 218, 240, 246, 253
  • mandatory access control (MAC), 10, 188, 189, 192, 194, 199
    • assigning classifications, 141
  • mandatory vacation programs, 196
  • mantraps, 182, 199, 264
  • markup languages, standards-based, 164
  • MAU (multistation access unit), 248
  • maximum tolerable downtime (MTD), 213, 215, 243, 246, 249
  • maximum tolerable outage (MTO), 249
  • MBSA. See Microsoft Baseline Security Analyzer (MBSA); Microsoft Baseline System Analyzer (MBSA)
  • MD5 hash function, 218
    • collision attacks, 221
    • security of, 222
  • MDM. See mobile device management (MDM)
  • Media Access Control (MAC)
    • access control, 4
    • compared to DAC, 8
    • flexibility and scalability, 31
    • labels, 14
    • OSI layer, 112
  • media analysis, 214
  • medical records, 219
  • meet-in-the-middle attack, 214, 222
  • memory imaging, 211
  • message logging standards, 40
  • messaging systems, 24
  • metadata, 218
  • Metasploit, 52, 203, 209, 246
  • Microsoft Baseline Security Analyzer (MBSA), 204
  • Microsoft Baseline System Analyzer (MBSA), results evaluation, 118–119
  • military computer systems, System High mode, 169
  • minimum security standards, 180
  • Mirai, 260
  • mirroring (RAID), 163
  • mitigation phase (incident response), 215
  • mobile device management (MDM), 136, 241
    • cell phones, 169
    • technologies, 135
  • mobile devices
    • applying consistent security settings, 126
    • vulnerabilities, 124
  • mobile phones, 247
    • remote wiping, 169
  • modes of operation, DES, 142
  • motion detectors, 134
    • capacitance, 241
    • high microwave frequency signal transmissions, 147
    • wave pattern, 247
  • MTD. See maximum tolerable downtime (MTD)
  • multifactor authentication technologies, 6, 149, 192
  • multipartite viruses, 248, 257
  • multistation access unit (MAU), 248
  • mutation testing, 206
  • mutual assistance, 255

N

  • NAT. See network address translation (NAT)
  • National Institute of Standards and Technology (NIST)
    • adverse events criteria, 212
    • assessing security and privacy controls, 38
    • incident classification, 58
    • sanitization and disposition guidelines, 27
    • security incident criteria, 210
    • SP 800 series documentation, 198
    • SP 800-12, 202
    • SP 800-122, 219
    • SP 800-53A, 202
    • SP 800-92, 175
    • threat information types, 62
  • NDAs. See nondisclosure agreements (NDAs)
  • need to know, 262
  • Nessus, 150, 204, 249
  • NetBIOS services, 204
  • netbots, forensic investigations, 70
  • Netflow, 204, 211, 216
  • netstat, output, 124
  • Network Access Control. See access control
  • Network Access Control (NAC), 249
  • network address translation (NAT), 242
    • troubleshooting routers, 98
  • network communications
    • bandwidth consumption, 211
    • broadcast storms, 94
    • disabling SSID broadcasting, 108
    • eavesdropping, 2
    • Ethernet topologies, 93
    • firewalls, 98
    • hotels, 102
    • logging and reviewing, 51
    • monitoring inbound traffic, 136
    • protocol beacons, 210
    • simultaneous transmissions, 111
    • sniffing traffic, 95
  • network devices, message logging standards, 40
  • network flows, 208
  • network infrastructure, separating from control layer, 150
  • network monitoring, bandwidth tools, 60
  • Network Time Protocol (NTP), 203, 244
  • network traffic. See network communications
  • network-enabled printers, 206
  • networks
    • cable lengths, 178
    • cellular security considerations, 169
    • device protocols, 163
    • failover clusters, 213
    • International network security, 103
    • Internet access tools, 101
    • services, 165
    • specialized, 2
    • topologies, 93–97, 102, 148, 153
    • unencrypted, 253
  • new users
    • access control, 3
    • default access, 9
    • default privileges, 15
    • object availability, 13
  • Nikto, 203, 246
  • NIST. See National Institute of Standards and Technology (NIST)
  • NIST SP 800-12, 202
  • NIST SP 800-122, 219
  • NIST SP 800-53A, 202
  • Nmap, 48, 206, 208
    • default ports, 208
    • port scanning, 106
    • results, 52
  • non-IP protocols, 106
  • nondisclosure agreements (NDAs), 195
  • nondiscretionary access control, 2, 244
  • noninheritable trusts, 190
  • nonregression testing, 202
  • nonrepudiation, 197, 222, 248
    • asymmetric encryption algorithm, 223
    • cryptographic algorithms, 88
    • digital signatures and, 247
    • goals, 150
  • nonroutable IP addresses, 209
  • nontransitive trusts, 190
  • nslookup, attacks, 110
  • NTFS filesystems, access control, 8
  • NTP. See Network Time Protocol (NTP)
  • NTP services, DDoS attacks, 37

O

  • OAuth, 193
    • authentication, 5
  • object-based storage systems, 134, 241
  • objects, 189
    • new user availability, 13
    • ownership, 13
    • types of, 4
  • OFB (Output Feedback), 245
  • one-way trusts, 190
  • OpenID, 193
  • OpenID Connect, 194
  • OpenID standard, 190
  • OpenVAS, 150, 204, 249
  • operational investigations, 263
  • OS fingerprinting, 208
  • OSI layers, 94, 112, 139, 145
    • compared to DARPA TCP/IP model, 108
    • Data Link, 181
    • datagrams, 180
    • headers and footers, 161
    • layer 6, 109
    • MAC addresses, 112
    • order, 95
    • packet traversal, 101
    • TCP, 164
    • UDP, 164
  • OSPF (Open Shortest Path First), 254
  • out-of-band identity proofing, 190, 195, 254
  • Output Feedback (OFB), 245

P

  • P2P CDNs, 217
  • packet capture data, 216
  • packet filters, 243
  • packet injection, 218
  • packet sniffing, 211
  • packets, 246
    • tracking connection status, 139
  • palm scans, 193
  • parallel tests, 216, 251, 256, 259, 265
    • disaster recovery plans, 214
  • parameter checking, 199
  • parole evidence rule, 240, 246
  • partial backups, 255
  • pass cards, 176
    • security, 15
    • types, 140–141
  • pass-the-hash attacks, 262
  • passive scanning, 102
  • passwords, 10
    • automated password cracking attacks, 88
    • brute-force attacks, 151, 201, 205, 208
    • complexity, 250
    • cracking attacks, 154
    • dictionary attacks, 208
    • directory traversal attack, 210
    • expiration, 9, 192
    • hash salts, 182, 221, 223
    • hashing flaws, 175
    • help desk incidents, 11
    • identity and access management, 12
    • improving, 11
    • improving strength, 179
    • John the Ripper, 210
    • laptop security, 126
    • length, 251
    • mandatory, 242
    • rainbow table attacks, 83, 139
    • reset tools, 192
    • rotation, 7
    • sharing, 252
    • testing, 58
  • patching, 202
    • mobile devices, 261
    • SQL injection attacks, 41
    • terminology, 128
    • testing software patches, 39, 172
    • web server vulnerabilities, 39
    • Windows 2012 servers, 115
  • path disclosures, 209
  • payloads, 244
  • Payment Card Industry Data Security Standard (PCI DSS), 219
  • payment cards, 25
  • PCI DSS. See Payment Card Industry Data Security Standard (PCI DSS)
  • penetration testing, 38, 48
    • black box, 201, 202
    • crystal box, 241
    • false ARP data, 104
    • gray box, 55
    • hashed password attacks, 177
    • hazards of, 206
    • IP addresses, 209
    • Metasploit, 52, 209
    • Nmap, 208
    • Nmap results, 52
    • nonroutable IP addresses, 209
    • preparation, 49
    • scan types, 54
    • steps, 206
    • STRIDE, 166
    • training assessment, 148
    • types, 135, 171, 181
    • white box, 241
    • wireless networks, 93
  • penetration testing, Bluetooth, 101
  • permissions, 188
    • resource-based controls and, 256
    • setting on Linux server, 13
  • personal health information (PHI), 266
  • personal identity verification (PIV) cards, 194
  • personally identifiable information (PII), 19, 79, 183, 195, 220, 246, 266
    • types, 82
  • PGP. See Pretty Good Privacy (PGP)
  • PHI (personal health information), 266
  • phishing, 253
  • photo metadata, 210
  • physical controls, 242
  • physical infrastructure hardening, 20
  • Physical layer, 246
  • physical security, 137, 154
    • access cards, 30–31
    • fences, 31, 196
    • fire suppression systems, 140
    • goals, 167
    • locks, 200
    • motion detectors, 29, 134
    • pass cards, 15, 176
    • types, 144
    • wiring closets, 30
  • PII. See personally identifiable information (PII)
  • ping flood attack, 248
  • ping utility, filtering results, 105
  • plaintext attacks, 222
  • Platform as a Service, 251, 253, 259, 261, 262
  • PMBOK. See Project Management Body of Knowledge (PMBOK) Guide
  • point-of-sale terminals, 134
  • polymorphic viruses, 257, 260
  • POODLE attack, 219
  • port 20 (TCP), 204
  • port 22 (SSH), 204
  • port 43 (TCP), 203
  • port 443 (HTTPS), 204
  • port 80 (HTTP), 204
  • port scanning, 208, 248
    • coverage issues, 53
    • ERP, 117
    • Infrastructure as a Service, 119
    • Nmap, 206
    • Nmap results, 52, 106
    • system identification, 45
    • TCP ports, 47, 170
    • tools, 39
    • UDP ports, 170
  • port-based authentication, 95
  • Portmon, 211
  • ports
    • intrusion prevention, 45
    • status messages, 207
    • syslog service, 172
    • unencrypted FTP traffic, 101
  • post-admission access control, 161, 254
  • postmortem reviews, 217
  • preaction fire suppression systems, 198
  • preservation phase, 246
  • Pretty Good Privacy (PGP), 217, 220
  • preventive controls, 247, 252
  • private encryption keys, 223
    • confidentiality, 221
    • storage, 160
  • private information, 218
  • private IP addresses, 262
  • private messages, encryption keys, 162
  • private networks, non-IP protocols, 106
  • privilege creep, 13, 242, 248, 254
  • privileged access review, 249
  • privileges, 8, 241
    • default for new users, 15
    • employee position changes, 170
    • entitlement, 194
    • excessive, 258
    • least privilege, 246
  • probability/impact matrix, 260
  • procedures, 259
  • processing phase, 246
  • production code, conflicting modifications, 34
  • project management, 207
  • project scope, business continuity planning, 73
  • project scope and planning phase (incident response), 217
  • proprietary data, encryption, 78
  • proprietary information, 218
  • protected health information (PHI), 264
  • protected information, types, 145
  • protecting information, 217
  • protocols, 182
    • backend authentication, 98
    • beacons, 210
    • Diffie-Hellman, 220
    • DoS attacks, 157
    • messaging systems, 100
    • network devices, 163
    • secure file transfers, 183
    • ticket-based authentication, 12
    • timestamp inconsistencies, 140
  • provisioning, 133–134, 194, 260
    • automated-account, 241
    • deprovisioning, 241
    • discretionary provisioning, 240
    • excessive, 254
    • reprovisioning, 241
    • role changes and, 241
    • self-service, 241
    • workflow-based, 240
  • provisioning diagram, 133
  • proximity cards, 244
  • public encryption keys, 223, 247, 254
  • public information, 218
  • purging, cryptographic erase, 210

Q

  • qualitative risk assessment, 183, 207, 260, 265
  • quantitative risk analysis, 54, 207
    • cost-benefit analysis, 210
    • matrix, 64

R

  • race conditions, 209
  • RADIUS authentication, 193, 218, 241
    • alternatives for Cisco network gear, 135
    • VPNs, 77
  • RADIUS servers, monitoring traffic, 104
  • RAID, 195, 196, 255, 266
    • mirroring, 163
  • RAID 5, 63, 153, 212
  • rainbow table attacks, 83, 139, 208, 243–244
  • rainbow tables, 251, 262
  • ransomware, 196
    • prevention techniques, 120
  • RARP. See Reverse Address Resolution Protocol (RARP)
  • read-only attributes, 196
  • real evidence, 217, 246
  • record retention, 198
  • records management programs, 197
  • recovery point objective (RPO), 215, 243, 247
  • recovery time objective (RTO), 215, 243, 246, 263, 266
  • registration, 194, 250
  • regression testing, 201, 202, 206, 259
  • release control, 201
  • remediation phase, 255
  • remote access
    • tools, 97
    • VPN, assessing security, 77
    • vulnerabilities, 127
  • remote journaling, 215
  • remote mirroring, 215
  • remote scans, 210
  • remote wipes, 242, 258
  • reporting phase, 246
  • reprovisioning, 241
  • repudiation, 205, 206, 261
  • request control process, 201
  • reset tools (passwords), 192
  • resource exhaustion attacks, 124
  • resource planning, security testing, 34
  • resource-based controls, 256
  • RESTful API, identity verification, 5
  • retina scans, 263
    • biometric authentication, 179
  • Reverse Address Resolution Protocol (RARP), OSI layer, 99
  • RFC 1918, nonroutable IP addresses, 209
  • RFID devices, 193
  • rights, 8
    • delegating, 15
    • employee job changes, 148
  • rights management, 189
  • RIP (routing information protocol), 254
  • risk acceptance, 205, 208, 247, 258
  • risk assessment, 207
    • annualized loss expectancy, 38
    • annualized rate of occurrence, 38
    • approaches, 51
    • asset valuation methods, 51
    • business continuity plans, 146
    • data centers, 37
    • exposure factor, 37
    • firewalls, 39
    • formulas, 53, 208
    • high probability/impact incidents, 213
    • metrics, 42, 142, 145
    • qualitative, 183
    • quantitative analysis, 54
    • response behavior types, 45
    • types, 174
  • risk avoidance, 201, 247
  • risk management, 197, 203, 204
    • accepting risks, 52
    • insurance, 179, 184
    • intrusion detection systems, 39
    • key risk indicators, 203
    • strategies, 46, 170
    • transference, 169
  • risk mitigation strategies, 149, 203, 247
  • risk transference, 258, 263, 266
  • rogue devices, identifying, 61
  • role-based access control, 194, 205, 244
  • roles, 244
    • business continuity, 241
  • root-cause analysis (incident response), 213
  • routers, 250
  • RPO. See recovery point objective (RPO)
  • RSA cryptosystems, 249, 266
    • digital signatures, 222
    • key lengths, 186
  • RST flag (TCP), 94
  • RTO. See recovery time objective (RTO)
  • rule-based access control, 192, 194, 244, 261
  • rules of evidence, 132
  • rwx file attribute, 3

S

  • sabotage, 200
  • SAINT, 150
  • salts, 221, 223, 260–261, 265
    • password hashes, 182
  • SAML, 193. See Security Assertion Markup Language (SAML)
  • sampling (logs), 210
  • sandboxes, 260
  • sanitation, 198
  • scanning
    • available services, 38
    • Christmas tree, 210
    • intrusion detection, 44
    • local scans, 210
    • penetration testing, 54
    • ports, 39
    • remote scans, 210
    • Xmas, 210
    • zero-day vulnerabilities, 53
  • scheduled backups, 196
  • SCP file transfer protocol, 220
  • scripting attacks, 96
  • Secure Copy (SCP), 223
  • secure file transfers, protocols, 183
  • Secure Shell (SSH), 220, 244
  • Secure Sockets Layer (SSL), 218
  • security. See also attacks; information security
    • access control principles, 33
    • access restrictions, 144
    • access types, 142
    • administrative privileges, 33
    • administrative processes, 26
    • awareness programs, 124
    • best practices, 32
    • cellular networks, 169
    • change management, 23–24
    • configuration documentation, 22
    • configurations, 26
    • controls, 184
    • DAC compared to MAC, 31
    • data breaches, 23
    • door locks, 32
    • employee knowledge, 26
    • false vendors, 21
    • file server access, 21
    • format string testing, 37
    • fraud detection, 22
    • hot spots, 110
    • incident information, 37
    • information sanitation, 198
    • information security principles, 21
    • International network security, 103
    • keyloggers, 19, 22
    • Linux, 208
    • mantraps, 199
    • measuring effectiveness, 168
    • messaging systems, 24, 100
    • military computer systems, 169
    • motion detectors, 29
    • NIST 800 series documentation, 198
    • NIST incident criteria, 210
    • out-of-date devices, 176
    • pass cards, 15, 176
    • passwords, 179
    • payment cards, 25
    • physical, 144, 154, 167
    • physical infrastructure hardening, 20
    • physical locks, 200
    • privileged access reviews, 150
    • profiles, 198
    • resource planning testing, 34
    • security baselines, 28
    • shipping backup data, 87
    • stolen laptops, 125
    • technical controls, 23
    • tools, 129
    • training, 198
    • voice pattern recognition, 142
    • VPN access issues, 96
    • workstations, 26
  • Security Assertion Markup Language (SAML), 192
  • security cards, 30–31
  • security controls, 199
    • buffer overflow attacks, 30
    • categories, 31–32
    • long-term maintenance, 19
  • security events, 207
  • security incidents, 68
    • effects, 214
    • NIST criteria, 210
  • security information and event management (SIEM), 243, 261
    • logging compliance, 42
  • security labels, 219–220
  • security policies
    • enforcing, 151
    • exceptions, 25
    • verifying compliance, 9
  • security standards, 180
  • security baselines, compliance, 41
  • segregation of duties, 200
  • self-service provisioning, 241
  • self-signed certificates, 76, 217, 222. See also digital certificates
    • applications, 87
  • senior management roles, 212
  • sensitive information, 218
  • separation of duties, 196, 200, 261, 262
  • serial ports, monitoring, 211
  • Serpent, 219
  • server administration, command-line protocols, 81
  • server clustering, 196
  • service accounts, security, 180
  • Service as a Service, port scanning, 117
  • service bureaus, 215
  • service fingerprints, 209
  • service level agreements (SLAs), 215, 243, 247, 258
  • Service Provisioning Markup Language (SPML), 255
  • services (network), 165
  • session keys, TLS, 222
  • session management solutions, 127
  • SFTP file transfer protocol, 220, 265
  • shared keys, transaction identification problems, 205
  • shared tenancy model, 243
  • shortcut trusts, 252
  • SIEM. See security information and event management (SIEM)
  • signature-based detection, 191, 259
  • signatures, vulnerability scanning, 209
  • simulation tests, 242
  • single loss expectancy, 202
  • Single Loss Expectancy (SLE), 245
  • single point of failure, 140
  • single sign-on, 6, 260
    • browser-based, 192
    • federated identity management, 10
    • implementations, 142
  • Six Cartridge Weekly, backup media rotation scheme, 214
  • Skipjack, 249
  • SLA. See service level agreements (SLAs)
  • SLE (Single Loss Expectancy), 245
  • smart cards, 190, 193, 199
  • smoke testing, 202
  • SMTP (Simple Mail Transfer Protocol), 263
  • snapshotting (incident response), 211
  • SNMP (Simple Network Management Protocol), 211, 261
  • SOAP (Simple Object Access Protocol), 255
  • social engineering, 248, 252
    • preventing, 260
  • Social Security numbers, 219
  • software, restricting use, 134
  • software analysis, 214
    • application logs, 217
  • software approval technologies, 129
  • Software as a Service, 251, 253, 259, 262
    • auditing, 182
    • firewall controls, 126
  • software testing, test design, 49
  • software tokens, 190
  • software write blockers, 211
  • software-defined networking (SDN), 247, 249
  • SP 800-150 (NIST), 62
  • sparse acquisition, 211
  • spoofing, 205, 206
  • SQL injection attacks, 41
    • forensic investigations, 72
    • software logs analysis, 217
  • sqlmap, 203, 208
  • SSH. See Secure Shell (SSH)
  • SSID broadcasting, 253
    • disabling, 108
  • SSL. See Secure Sockets Layer (SSL)
  • standards
    • digital certificates, 86
    • X.509, 222
  • standards-based markup languages, 164
  • star topology, 148, 251
  • stateful inspection firewall, 244
    • rulebases, 107–108
  • static analysis testing, 201, 206
  • static packet filters, 243, 244
  • static tokens, 190
  • stealth viruses, 257
  • stolen devices, 242
  • STRIDE, 184
    • application threat modeling, 182
    • attack types, 49
    • categories, 205
    • penetration testing, 166
    • spoofing and, 266
    • threat mitigation, 47
    • threat types, 176
  • striping with parity (RAID 5), 212
  • Stuxnet worm, 219
  • subject/object model, 145, 192, 258
  • substitution cyphers, 222
  • superuser privileges, 34
  • supply chain management, 195
  • switches, 250
  • symmetric cryptosystems, 249
    • algorithms, 84
    • decryption keys, 89
    • digital signatures, 222
    • formula for number of keys, 222
    • keys, 171, 223
    • nonrepudiation, 223
  • symmetric cyphers, 220
  • symmetric encryption algorithms, 220
  • symmetric keys, shared, 205
  • SYN floods, 253
    • protocols, 157
  • SYN scans, 210
  • synchronous soft tokens, 190
  • synchronous tokens, 193
  • syslog, 203, 243
    • severity levels, 242
  • syslog events, 42, 136
  • syslog service, UDP ports, 172
  • system administrators, configuration settings templates, 34
  • system backups, avoiding errors, 66
  • System High mode, security clearances, 169

T

  • tabletop exercise, 216, 242, 251–252, 256, 259, 265
    • disaster recovery plans, 214
  • TACACS+ (Terminal Access Controller Access-Control System), 241
  • tampering, 205
  • tangible evidence, 214
  • task-based access control, 194, 261
  • TCP. See Transmission Control Protocol (TCP)
  • TCP wrappers, 254
  • teardrop attacks, 240
  • technical access controls, 199
  • Telnet, 219
    • securing data, 79
  • TEMPEST, 218
  • testimonial evidence, 240
  • testing methodologies, 152, 201, 250
  • text messages, Google accounts, 116
  • THC Hydra, 246
  • threat actors, 211
  • threat assessment, STRIDE categories, 205
  • threat information types, NIST, 62
  • threat modeling, 265
    • technologies, 203
  • threats, 203
  • three-way handshake (TCP), 111, 137, 168, 242, 255, 257
  • thumb drives, encryption, 82
  • ticket-based authentication protocols, 12
  • time-based algorithms, 190
  • timestamps
    • inconsistencies, 140, 209
    • photo metadata, 210
  • TLS. See Transport Layer Security (TLS)
  • TOC/TOU attack, 266
  • Token Ring, 248
  • token-passing networks, 95
  • tokens, 190
    • access control, 6
    • challenge/response process, 12
    • presentation, 189
  • topologies, 153, 248
    • Ethernet, 93
    • full-mesh, 106
    • star, 251
    • token-passing networks, 95
  • Tower of Hanoi, backup media rotation scheme, 214
  • trace logs, 208
  • trade secret information, marking for identification, 77
  • training. See also education
    • business continuity plans, 63, 212
    • security, 198
  • transaction identification issues, 47, 205
  • transaction logging, 215
  • transactions
    • remote mirroring, 215
    • TLS, 77
    • traffic sniffing, 218
  • transitive trusts, 190
  • Transmission Control Protocol (TCP), 163, 182, 264
    • OSI layers, 164
    • port 43, 203
    • port scanning, 170
    • ports and protocols, 103, 204
    • RST flag, 94
    • setting flags, 210
    • three-way handshake, 111, 137, 168
  • Transport layer, 263
  • Transport Layer Security (TLS), 218, 219, 244, 255
    • bank transactions, 77
    • encryption keys, 87
    • session keys, 222
  • Transport mode, ESP, 223
  • transposition cyphers, 222
  • Trojan horses, 248, 252
  • trust
    • Active Directory, 7
    • digital certificate, 222
    • digital certificates requirements, 87
    • inheritable, 190
    • noninheritable, 190
    • nontransitive, 190
    • one-way, 190
    • relationships, 7
    • self-signed certificates, 217
    • transitive, 190
    • Web of Trust, 217
  • Tunnel mode, ESP, 223
  • turnstiles, 266
  • Type 1 authentication factors, 190
  • Type 2 authenticators, 194
  • Type 3 authenticators, 12

U

  • UDP, 263. See User Datagram Protocol (UDP)
  • unauthorized user access, 254
    • incident classification scheme, 62
  • unit testing, 259
  • Unix, message logging standards, 40
  • USB drives, encryption, 82
  • user acceptance testing, 24
  • User Datagram Protocol (UDP), 182, 264
    • OSI layers, 164
    • port 53, 50
    • port scanning, 170
    • ports, 204
    • syslog ports, 172
  • user IDs, 13
  • usernames, 188, 261
  • users
    • access control, 3
    • access permissions, 32
    • accountability, 46
    • offsite and availability, 11
    • privileges, 8
    • user IDs, 152
    • validating identity, 167

V

  • validation, 193
    • digital certificates standards, 86
    • parameter checking, 199
    • user identity, 167
  • verbal agreements, contract disputes, 144
  • verification
    • closed-circuit television, 198
    • Google and text messages, 116
  • virtual LANs (VLANs), 196
  • virtual machines
    • imaging, 61
    • malware testing, 123
  • virtual platforms
    • management interface, 122
    • monitoring tools, 122
    • vulnerability scanning, 122
  • virtual private networks (VPNs), 188, 196, 218
    • access issues, 96
    • accessing file servers, 10
    • backend authentication protocols, 98
    • RADIUS authentication, 77
  • virtualization models, 128
    • full guest operating systems, 71
  • virtualization platforms
    • modules, 173
    • recovery after incidents, 126
  • virtualized environments
    • security issues, 125
    • separating guest machines, 127
  • virtualized operating systems, 124
  • viruses, 149, 248
    • encrypted, 257
    • hiding from anti-malware software, 168
    • macro viruses, 129
    • multipartite, 248, 257
    • polymorphic, 257, 260
    • scan results, 130
    • stealth viruses, 257
  • vital records programs, 25
  • VLANs, 242. See virtual LANs (VLANs)
    • endpoint systems, 98
  • VM escape exploits, 125
  • VMware, security controls, 122
  • voice pattern recognition, 142, 245
  • VoIP phones, 103
  • Volatility memory forensics framework, 211
  • VPNs, 257. See virtual private networks (VPNs)
  • vulnerabilities, 203, 248
  • vulnerability scanning, 55, 202
    • handling vulnerabilities, 46
    • incorrect reporting, 38
    • Metasploit, 209
    • open source tools, 44
    • remediating vulnerabilities, 44
    • remote access vulnerabilities, 127
    • remote compared to on site, 59
    • signatures, 209
    • software patching, 202
    • sqlmap, 208
    • types, 180
    • unauthorized, 214
    • validation, 205
    • virtual systems patches, 121–122
    • zero-day attacks, 53
  • vulnerability testing, fuzzers, 201

W

  • warm sites, 215, 254, 255, 259
  • watermarks, 218
  • wave pattern motion detectors, 247
  • WDS. See Windows Deployment Services (WDS)
  • web browsers, testing tools, 51
  • web forms, format string testing, 37
  • Web of Trust (WoT), 76, 217
  • web servers
    • patching vulnerabilities, 38
    • recovery after incidents, 126
    • self-signed certificates, 76
    • single point of failure, 140
    • SQL injection attacks, 41
  • web vulnerability scanning, 55
  • web-based applications, attack types, 54
  • web-based email services, 178
  • WEP encryption, keys, 105
  • whaling, 252
  • white box testing, 152, 241, 250, 258, 259, 264
  • whitelisting, 240, 241, 262
  • WiFi, captive portals, 252
  • Windows
    • audit record types, 165
    • events, 206
    • logging, 49
    • native logging format, 203
    • syslog events, 203
  • Windows 10 Pro, preventing unallowed programs, 119
  • Windows 2012 servers, checking patch status, 115
  • Windows Deployment Services (WDS), 220
  • Windows workstations, ports for externally initiated connections, 118
  • wireless networks
    • access control, 156
    • attacks, 111
    • hijacking, 156
    • penetration testing, 93
    • security standards, 97
    • unencrypted, 156
    • unintended accessibility, 94
  • Wireshark, 25, 197
  • wiring closets
    • locations, 199
    • security, 30
  • workflow-based account provisioning, 240
  • workstations
    • access restrictions, 144
    • imaging types, 61
    • security, 26
    • session management solutions, 127
  • worms, 248, 250
  • WoT. See Web of Trust (WoT)
  • WPA, LEAP protocol, 107
  • WPA2 PSK, 252, 253
  • write blockers, 211

X

  • X.509 standard, 222
  • Xmas scans, 210
  • XTACACS, 241

Z

  • zero-day attacks
    • Metasploit, 208
    • prevention, 151
  • zero-day vulnerabilities, 128
  • zzuf, 203, 207